Hello,

recent versions (4.47+ I think) of stunnel introduce the following code in stunnel.c:

--- stunnel-4.46/src/stunnel.c 2011-11-03 10:06:59.000000000 +0100 +++ stunnel-4.54/src/stunnel.c 2012-08-18 23:11:53.000000000 +0200 [...] } else { /* inetd mode */ [...] + signal(SIGCHLD, SIG_IGN); /* ignore dead children */ + signal(SIGPIPE, SIG_IGN); /* ignore broken pipe */ + client_main(alloc_client_session(&service_options, 0, 1)); }

In Linux, child processes seem to inherit their parent's SIGCHLD handler setting. This means that all of stunnel's child processes will be unable to wait for their children.

This causes the following uucp-over-stunnel setup I have:

CAfile = /etc/ssl/certs/cacert.pem cert = /etc/ssl/certs/suucpcert.pem key = /etc/ssl/private/suucpkey.unenc verify = 2

service = suucp exec = /usr/sbin/uucico execargs = uucico -l

to fail horribly with messages such as this:

uucico weiser - (2013-01-29 01:25:15.33 3676) Call complete (6 seconds 21620 bytes 35103 bps) uuxqt weiser root (2013-01-29 01:25:17.36 3677) Executing X.weiserSEQ1 (rbsmtp) uuxqt weiser root (2013-01-29 01:25:17.96 3677) ERROR: waitpid: No child processes uuxqt weiser root (2013-01-29 01:25:17.96 3677) Execution failed (X.weiserSEQ1)

Restoring SIGCHLD to SIG_DFL just before execvp()'ing the child as in the attached patch seems to fix it.

I also attach a small test case for reproducing. It can be run like this:

nc -l -p 12345 -e "stunnel sigchldtest.conf" 127.0.0.1 & openssl s_client -quiet -verify 0 -connect 127.0.0.1:12345

and should produce the following output:

child: 2654 child 2654 died

When automatic child reaping it active it will fail like this:

child: 2538 waitpid: No child processes

BTW: On Mac OS X, the SIGCHLD handler setting does not seem to be inherited by children.